Serverless Fun: Using Amazon SES and Lambda to Send and Receive Email

15 minute read Published:

I’m using Lightsail as a VPN, and don’t really want to use an Elastic IP as the instance is ephemeral. Because I’m not using an Elastic IP, security event emails sent from the host to my Gmail account fail. I also want to be able to send and receive an email or two every once in a while on my new domain. And I really, really don’t want to run my own mail server right now, nor can I justify $25/month for Google hosting for a vanity blog only accessed by bots, spiders, and Internet censii.

Locking Down Ports on Amazon Lightsail

3 minute read Published:

I’ve been using Amazon Lightsail, which is kind of an “EC2-lite” to host my VPN server. It’s quick to set up and tear down, but one limitation is that, unlike traditional EC2, you can’t granularly control access to firewall ports from Amazon’s web UI. You open the port or close it, it’s all or nothing. While I might leave the VPN port open to access via mobile device, I don’t really want SSH open to the world.

Writing Custom Rules for OSSEC: OpenVPN Edition

2 minute read Published:

I wrote some custom rules for OpenVPN on OSSEC yesterday; the full step-by-step with instructions for beginners is included in the latest revision of The Seven Minute Server. But I figure if you’re here, you were searching for this specifically, so here’s the basics:

Basic decoder in /var/ossec/etc/local_decoder.xml:

<decoder name="openvpn">
  <prematch>^\w\w\w\s\w\w\w\s+\d+\s\d\d(:)\d\d(:)\d\d\s\d\d\d\d</prematch>
</decoder>

I’ll be honest, I’m not a total fan of this approach, but the error logs aren’t formatted consistently, and the only static portion is the date; on the Amazon Linux AMI, it’s the only program that logs in this format (dracut is close, but adds timezone before the year).

Getting an A+ on Qualys SSL Labs' SSL Report

3 minute read Published:

I’m supposed to be studying for the ASA 101 sailing test. Yesterday, I procrastinated by adding another section to The Seven Minute Server and used CSS to create a practice test/quiz for the ASA 101 by hiding the answers until you hover over them. It didn’t get me any closer to finishing the prep book, but it was fun… Today, when I should have been tying exotic knots, on a whim, I ran my site through Qualys SSL Labs’ SSL Report and was dismayed to see this site got a B.

Installing an SSL Cert on Your Server with CentOS/Apache 2.4/Let's Encrypt

4 minute read Published:

Using Let’s Encrypt is so easy, there’s no excuse not to do it…the only drawback is that certificates expire after three months, but they’ll email to give you a heads-up when it gets close to time to switch ‘em up…and it really is simple (and free!) to get them issued. Here’s a run-through of how to use Certbot to install a Let’s Encrypt SSL certificate on an Amazon Linux image:

Writing Custom OSSEC Rules

8 minute read Published:

Our team recently implemented a proprietary security component for a web app we maintain. When it performs an action of note, the component writes the action to a log. As a system admin and tester babysitting a new component, I want to know about these actions when they happen, and this sounded like a perfect use case for OSSEC, an Open Source host-based intrusion detection system. OSSEC monitors system logs, checks for rootkits and system configuration changes, and does a pretty good job of letting us know what’s happening on our systems.

Who's attacking your web server today?

2 minute read Published:

We’re going to go a little off-book today for a segment I’d like to call, “Who’s attacking my server today?” I administer a few servers and they, like most anything connected to the Internet, are constantly under attack. Searching through my logs, I’ve seen a large number of pretty basic attacks trying to exploit a vulnerability in Parallels Plesk - a hosting control panel. If you’re using hosting “in the cloud,” you’re bound to see a lot of this sort of thing.